Skip to content

Incidents in country:

Russia

17 incidents catalogued

Data breachResolved

Kaspersky Club data breach (2024)

In March 2024, the independent fan forum Kaspersky Club suffered a data breach. The incident exposed 56k unique email addresses alongside usernames, IP addresses and passwords stored as either MD5 or bcrypt hashes.

Victim
Kaspersky Club
Records
56.0K
Data breachResolved

Convex data breach (2023)

In February 2023, the Russian telecommunications provider Convex was hacked by "Anonymous" who subsequently released 128GB of data publicly, alleging it revealed illegal government surveillance. The leaked data contained 150k unique email, IP and physical addresses, names and phone numbers.

Victim
Convex
Records
150.1K
Data breachResolved

Gemotest medical laboratory data breach

A database from Russian medical-testing chain Gemotest was offered on a hacking forum, with sellers claiming data on 31 million clients — names, passport and insurance numbers, dates of birth, addresses, phone numbers and email addresses. Have I Been Pwned later indexed about 6.3 million unique email addresses from the leak.

Victim
Gemotest
Records
31.0M
Data breachResolved

CDEK data breach (2022)

In early 2022, a collective known as IT Army whose stated goal is to "completely de-anonymise most Russian users by leaking hundreds of gigabytes of databases" published over 30GB of data allegedly sourced from Russian courier service CDEK.

Victim
CDEK
Records
19.2M
Insider threatResolved

Yandex.Eda customer data leak

Yandex's food-delivery service Yandex.Eda leaked the names, phone numbers, addresses, intercom codes and order details of more than 58,000 customers, which were later mapped onto an interactive public website. Russian regulator Roskomnadzor opened a case and a Moscow court fined the company 60,000 rubles.

Victim
Yandex.Eda
Loss
$700
Records
58.0K
Insider threatResolved

Yandex mail insider breach

Yandex disclosed that one of three administrators with privileged access to its email service had been selling unauthorized access to user mailboxes, compromising 4,887 inboxes before the company's internal security team detected the abuse during a routine review.

Victim
Yandex
Records
4.9K
Data breachResolved

Utair data breach (2019)

In August 2020, news broke of a data breach of Russian airline Utair that dated back to the previous year. The breach contained over 400k unique email addresses along with extensive personal information including names, physical addresses, dates of birth, passport numbers and loyalty program…

Victim
Utair
Records
401.4K
Data breachResolved

Cross Fire data breach (2016)

In August 2016, the Russian gaming forum known as Cross Fire (or cfire.mail.ru) was hacked along with a number of other forums on the Russian mail provider, mail.ru. The vBulletin forum contained 12.8 million accounts including usernames, email addresses and passwords stored as salted MD5 hashes.

Victim
Cross Fire
Records
12.9M
Data breachResolved

Пара Па data breach (2016)

In August 2016, the Russian gaming site known as Пара Па (or parapa.mail.ru) was hacked along with a number of other forums on the Russian mail provider, mail.ru. The vBulletin forum contained 4.9 million accounts including usernames, email addresses and passwords stored as salted MD5 hashes.

Victim
Пара Па
Records
4.9M
Data breachResolved

KM.RU data breach (2016)

In February 2016, the Russian portal and email service KM.RU was the target of an attack which was consequently detailed on Reddit. Allegedly protesting "the foreign policy of Russia in regards to Ukraine", KM.RU was one of several Russian sites in the breach and impacted almost 1.5M accounts…

Victim
KM.RU
Records
1.5M
Data breachResolved

mail.ru Dump data breach (2014)

In September 2014, several large dumps of user accounts appeared on the Russian Bitcoin Security Forum including one with nearly 5M email addresses and passwords, predominantly on the mail.ru domain.

Victim
mail.ru Dump
Records
16.6M
Data breachResolved

Rambler data breach (2014)

A data dump of almost 100 million accounts from Russian internet portal Rambler — often called 'the Russian Yahoo' — surfaced for trade in 2016, exposing roughly 91 million unique usernames and passwords stored in plain text.

Victim
Rambler
Records
91.4M
Data breachResolved

VK data breach (2012)

Russia's largest social network VK was compromised around 2012, exposing roughly 93 million accounts with names, phone numbers, email addresses and plaintext passwords. The data surfaced for sale in 2016 via the broker 'Peace'.

Victim
VK
Records
93.3M
Data breachResolved

QIP data breach (2011)

In mid-2011, the Russian instant messaging service known as QIP (Quiet Internet Pager) suffered a data breach. The attack resulted in the disclosure of over 26 million unique accounts including email addresses and passwords with the data eventually appearing in public years later.

Victim
QIP
Records
26.2M